Authelia Container: Secure Authentication and Identity Portal
Authentication is a critical aspect of any modern web application. Whether you're running a personal blog or a complex enterprise system, ensuring that only authorized users gain access is paramount. Authelia is an open-source authentication and identity portal that helps you protect your applications and services with robust security measures. In this blog post, we'll explore Authelia and how to set it up in a Docker container.
What is Authelia?
Authelia is an authentication and access control solution that adds an extra layer of security to your web applications. It provides features like:
Two-Factor Authentication (2FA): Enhance security by requiring users to enter a one-time code generated by an authenticator app or received via email or SMS.
Single Sign-On (SSO): Users can log in once and access multiple applications without having to re-enter their credentials.
Identity Portal: A web-based portal where users can manage their authentication methods and perform self-service actions, such as password resets.
Access Control: Define fine-grained access policies to restrict user access to specific resources or services.
Integration: Authelia works seamlessly with popular reverse proxies like Nginx, Caddy, and Traefik, making it a versatile solution for securing web applications.
LDAP and 2FA Backend Support: Authelia supports a wide range of backends for user storage and two-factor authentication methods.
Now, let's explore how to set up Authelia in a Docker container.
Prerequisites
Before you begin, make sure you have the following prerequisites in place:
1. Docker: Ensure you have Docker installed on your server or development machine. You can download and install Docker from the official website: Docker.
2. Domain Name: You should have a domain name pointing to your server's IP address. Authelia requires a valid domain for SSL/TLS certificates.
Setting up Authelia in a Docker Container
Setting up Authelia in a Docker container is a straightforward process. You can use a docker-compose.yml file to define and configure the necessary services. Below is a basic docker-compose.yml file to get you started:
version: '3'
services:
  authelia:
    image: authelia/authelia
    container_name: authelia
    volumes:
      - ./config:/config
    ports:
      - "9091:9091"
    environment:
      - TZ=America/New_York # Set your timezone here
      - AUTO_GENERATE_CERTS=true # Auto-generate SSL certificates
    networks:
      - authelia_network
  nginx:
    image: nginx
    container_name: nginx
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf
      - ./authelia:/etc/nginx/authelia
    ports:
      - "80:80"
      - "443:443"
    depends_on:
      - authelia
    networks:
      - authelia_network
networks:
  authelia_network:
    driver: bridge
Here's a breakdown of the above docker-compose.yml file:
We define two services: authelia and nginx. The authelia service runs the Authelia container, and the nginx service runs an Nginx reverse proxy.
Authelia uses a volume called config to store its configuration files. You can customize Authelia's configuration by modifying the files in the ./config directory.
We expose ports 9091 (Authelia) and 80/443 (Nginx) to the host machine, allowing external access.
You can set your server's timezone using the TZ environment variable.
The AUTO_GENERATE_CERTS environment variable instructs Authelia to generate self-signed SSL certificates automatically. For a production setup, consider using Let's Encrypt or your own SSL certificates.
The Nginx service uses a custom nginx.conf file and a volume named authelia to configure the reverse proxy.
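As an added pre-deployment check (not part of the original post or the Authelia project), the script below audits a compose file shaped like the one above for two things a reviewer would raise: images with no version tag, and a backend port published to the host although Nginx already reaches it over authelia_network by service name. The function names and the small indentation-based reader are assumptions of this example; the reader only handles 2-space-indented compose files like this one.

```python
# Trimmed copy of this post's compose file, embedded so the check runs offline.
COMPOSE = """\
services:
  authelia:
    image: authelia/authelia
    ports:
      - "9091:9091"
  nginx:
    image: nginx
    ports:
      - "80:80"
      - "443:443"
"""

def read_services(text):
    """Minimal reader (not a YAML parser): service -> key -> list of values."""
    services, svc, key, in_services = {}, None, None, False
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()          # drop trailing comments
        if not line.strip():
            continue
        indent, body = len(line) - len(line.lstrip()), line.strip()
        if indent == 0:
            in_services = body == "services:"
        elif in_services and indent == 2:           # a service name
            svc = body.rstrip(":")
            services[svc] = {}
        elif in_services and indent == 4:           # a key of that service
            key, _, val = body.partition(":")
            services[svc][key] = [val.strip()] if val.strip() else []
        elif in_services and indent >= 6 and body.startswith("- "):
            services[svc][key].append(body[2:].strip().strip("\"'"))
    return services

def audit(text, proxy="nginx"):
    """Return (service, finding) pairs; `proxy` is the only intended entry point."""
    findings = []
    for name, cfg in read_services(text).items():
        tag = cfg.get("image", [""])[0].rsplit("/", 1)[-1]
        if ":" not in tag or tag.endswith(":latest"):
            findings.append((name, "unpinned-image"))
        if name != proxy and cfg.get("ports"):      # reachable without the proxy
            findings.append((name, "published-port"))
    return findings

if __name__ == "__main__":
    for service, finding in audit(COMPOSE):
        print(f"{service}: {finding}")
```

Replacing the authelia service's ports entry with expose (or removing it) and pinning both images to a specific version clears every finding.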
Configuring Authelia
Authelia's configuration is highly customizable and can be tailored to your specific needs. You can find the default configuration files in the Authelia GitHub repository under the config directory.
To configure Authelia, follow these steps:
1. Create a directory called config in the same directory as your docker-compose.yml file.
2. Inside the config directory, copy the default Authelia configuration files from the GitHub repository.
3. Customize the configuration files to match your requirements. Pay close attention to configuration.yml, where you define authentication backends, two-factor authentication methods, and access control rules.
4. Save your changes.
Configuring Nginx
Nginx serves as a reverse proxy in front of Authelia. It's responsible for handling SSL/TLS encryption and forwarding requests to Authelia for authentication. You'll need to create an nginx.conf file to configure Nginx.
Here's a simple example of an nginx.conf file:
# nginx refuses to start without an events block in the main configuration file
events {}

http {
  # Plain HTTP listener
  server {
    listen 80;
    server_name yourdomain.com;
    location / {
      proxy_pass http://authelia:9091;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
  }
  # HTTPS listener using the certificate files mounted from ./authelia
  server {
    listen 443 ssl;
    server_name yourdomain.com;
    ssl_certificate /etc/nginx/authelia/authelia.crt;
    ssl_certificate_key /etc/nginx/authelia/authelia.key;
    location / {
      proxy_pass http://authelia:9091;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
  }
}
This configuration listens on ports 80 and 443, sets up SSL/TLS using the certificates generated by Authelia, and forwards requests to the Authelia container.
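Because the port 80 server block proxies to Authelia just like the 443 one, the login portal is also served without TLS. The following added check (not from the original post; the function names are this example's own) finds every server block that listens without ssl and still contains a proxy_pass, using a trimmed copy of the configuration above as input.

```python
import re

# Trimmed copy of this post's nginx.conf, embedded so the check runs offline.
NGINX_CONF = """
http {
  server {
    listen 80;
    server_name yourdomain.com;
    location / {
      proxy_pass http://authelia:9091;
    }
  }
  server {
    listen 443 ssl;
    server_name yourdomain.com;
    location / {
      proxy_pass http://authelia:9091;
    }
  }
}
"""

def server_blocks(conf):
    """Yield the body of each `server { ... }` block, found by brace matching."""
    conf = re.sub(r"#.*", "", conf)                 # strip comments first
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def plaintext_proxies(conf):
    """Return (server_name, listen) for servers that proxy without TLS."""
    findings = []
    for block in server_blocks(conf):
        name = re.search(r"\bserver_name\s+([^;]+);", block)
        proxies = re.search(r"\bproxy_pass\b", block) is not None
        for listen in re.findall(r"\blisten\s+([^;]+);", block):
            if proxies and "ssl" not in listen.split():
                findings.append((name.group(1).strip() if name else "_", listen.strip()))
    return findings

if __name__ == "__main__":
    for server_name, listen in plaintext_proxies(NGINX_CONF):
        print(f"{server_name}: listen {listen} proxies without TLS")
```

A port 80 block that only issues `return 301 https://$host$request_uri;` passes the check, since it no longer forwards anything upstream.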
Running Authelia
To start Authelia, navigate to the directory containing your docker-compose.yml file and run:
docker-compose up -d
This command will start Authelia and Nginx in the background.
Accessing Authelia
You can now access Authelia by visiting your domain name in a web browser. Authelia will prompt you to log in or register if you haven't already. After authentication, it will protect your applications and services according to the access control rules you've configured.
Conclusion
Authelia is a powerful open-source authentication and identity portal that enhances the security of your web applications. By setting up Authelia in a Docker container, you can easily integrate it with your existing infrastructure and protect your services with features like two-factor authentication and single sign-on. Remember to tailor the configuration to your specific needs and consider additional security measures like Let's Encrypt for SSL/TLS certificates in a production environment. With Authelia, you can keep your applications secure and your users' identities protected.